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The increasing pace in the wireless communication taking momentum in the 
market of commercial application where a significant trade-off between user- 
experience and security demands exists. The Near Field Communication or 
NFC is one such communication trend which is effectively adopted by the 
user worldwide to make touchless operation using their mobile device. 
Although, it is claimed that NFC incorporates some of the standard 
encryption but existing researchers fails to prove that their electromagnetic 
signals are snot so difficult to compromise to result in collateral damage to 
user's resources. Thus, there exist research work towards strengthing security 


Near field communication system, but there is yet to report on any standard security protocol or 
RFID framework to ensure the highest resiliency. This paper provides a 
Security comprehensive visualization towards the effectiveness of existing research 


Wireless security approaches to formulate the research trend and gap. 
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1. INTRODUCTION 

NFC or Near Field Communication is mainly known for its wireless mechanism to 
transmit/exchange data using high frequency (13.56 MHz) within shorter ranges (nearly 10 cm) of 
communicating devices [1]. An electromagnetic field is being generated by a small NFC chip residing within 
the communicating device that is captured by other NFC device (called as tags) that could be anything right 
from smart poster to the NFC-based point of sale device. The information is exchanged from the NFC tags to 
the communicating devices. Normally, the transmission speed of data is very fast in NFC devices ranges 
from 106-424 kbps. It can also be said that NFC is an enhanced version of legacy Radio Frequency 
Identification RFID system that amalgamates both readers as well as smartcard interface in one 
communication device [2]. However, the fact is NFC is very much different from RFID as well as any other 
wireless standards. The usage of NFC has been evidently seen in some recent applications, e.g., Apple 
Watch, Samsung Pay, etc., which are mainly smartphone devices. NFC differs from any other 
communication technologies in smartphones by its significantly shorter set up time which 1/10 seconds [3]. 
This phenomenon also assists in incorporate good security in NFC devices from being less vulnerable in the 
crowded location which is not the case with Bluetooth and other Wireless Communication system [4]. The 
significant advantage of NFC is that it doesn't have any dependencies on power (i.e., battery). Even if the 
phone is in off mode, the NFC application is still functional. However, there are some obvious security 
concerns with the usage of NFC. The first security concern is NFC allows one-touch execution which makes 
the device very much vulnerable as it stores lots various credential information in the mobile devices in case 
of illegitimate intercepting of payment process [5]. An advance security mechanism, e.g., biometrics, 
tokenization, hybridizing approaches are still under the roof of research [6]. The second security concern in 


Journal homepage: http://iaescore.com/journals/index.php/IJECE 


Int J Elec & Comp Eng ISSN: 2088-8708 O 1215 


NFC is used for heterogeneous platform for making the payments, which makes lot of differences in security 
performance even if they run same application. The third security concern with NFC is that it has all the 
possibility of catching wrong signals. This means that as RFID is the backbone of NFC so whenever there is 
any form of electromagnetic signals, it alerts the NFC apps which may not be the desired tag in real sense. 
Apart from all the above security concern, eavesdropping is another critical security concern in NFC that 
takes place when the signal is illegally intercepted by the third party when two NFC devices are 
communicating. In such condition, there is all the possibility that confidential information within the mobile 
device will be silently be accessed by the intruder without even knowledge of owner of the device. This 
problem of eavesdropping give rise to another potential problem, i.e., data corruption [7] where the adversary 
changes or do some sort of tampering with the eavesdropped data. At present, the researchers have presented 
some valuable contribution towards safeguarding the communication in NFC-based devices. However, still, 
there is no reported case of strength or effectiveness of any existing approaches of security in the area of 
NFCs. Therefore, this manuscript contributes towards exploring the effectiveness of existing research 
approaches of securing NFCs. Section 1.1 discusses the background and brief highlights of research problems 
identified are addressed in Section 1.2 while proposed solution is presented in 1.3. Section 2 discusses 
fundamental information about NFC followed by discussion of existing research contribution along with their 
addressed problems, applied techniques, advantages and limitation in Section 3. Existing research trend 
highlighting most frequently used techniques for offering security features in NFCs is discussed in Section 4 
followed by highlights of significant research gap from existing research contribution in Section 5. Finally, 
conclusion is briefed in Section 6. 


1.1. Background 

This section briefs the existing studies that have been carried out towards addressing the security 
issues in NFC-based device, applications, and services. The work of Jianli et al. [8] designed an security 
system model for NFC device using two dimensional code encryption and found that it provides the boot 
passward for the mobile phone. Senthil Kumar and Mathivanan [9] presented the password protected NFC 
card which provides the personal code and is secure one. Paramsivam and Arivazhagan [10] presented the 
NFC based digital technique to mitigate the coin shortage issue. 

Instead of various manuscripts highlighting about security threats of NFC, there is only two standard 
literature that has reported security challenges in NFC. The work carried out by Chen et al. [11] have 
presented a discussion of different forms of threats in NFC and briefed that majority of the attacks in NFC 
are generated from card emulation mode (denial of service, relay attack) as well as reader-writer mode (ticket 
cloning, phishing). Similarly, we have reviewed the work presented by Nyikes [12] who have discussed 
significant security challenges associated with RFID that is an essential backbone of NFC architecture. 
However, apart from these, there is little standard manuscript towards highlighting the security emergence of 
NFCs. 


1.2. Research Problem 

With upcoming communication and entertainment devices going much advance in wireless 
communication system, the incorporation of NFC is increasing day by day. From the prior section, it is now 
known that there is few number of standard review-based literature aimed towards exploring the 
effectiveness of existing security approaches of NFC. At the same time, there is presence of very less number 
of literatures that talk about implementation scheme of strengthing the security of NFCs. Hence, the biggest 
research problem is that it is not necessary that adoption of cryptographic algorithm that has proven its 
robustness in other wireless field needs to be equally of similar cadre in NFCs. In fact, usage of elliptical 
curve causes various computational complexities that have never been found discussed in any of the existing 
research studies. 


1.3. Proposed Solution 

The study focuses on discussing the existing techniques and approaches for strengthing the security 
features of NFC devices, application, and services. At present, there are very much scattered form of 
literature with diverse security techniques; it is quite challenging to explore the study effectiveness. 
Therefore, we filter only manuscripts from reputed and standard publishers that have been published during 
2010-2017. The inclusion criteria of the existing studies are only security or cryptographic based approaches 
in NFC whereas the exclusion criteria are other generic RFID based security system. It is because NFC uses a 
specific RFID structure that is very different from generic RFID structure. The proposed study essentially 
explores the effectiveness of existing security approaches of the NFC and also discusses the specific 
problems that have been focused on by the researchers. The proposed system also explores various 
techniques applied to solve such problems followed by brief identification of the limitation of each of the 
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significant approaches of existing system. After reviewing the research trend, the proposed system also 
contributes to extract the research gap from the existing security approaches in NFC. 


2. SECURITY CHALLENGES IN NFC 

The NFC-based application suffers from various security challenges. In present time, a standard 
known as NFC-SEC is used for securing NFC-devices from adversaries by incorporating Secured Channel 
Services (SCH) and Shared Secret Service (SSE) [13]. The integrity and confidentiality are maintained by 
SCH with the aid of generated key from a module called as SSE. Adoption of Elliptical Curve Cryptography 
and Diffie Hellman is used for developing a key agreement between two NFC devices that demands both 
private and public keys. The core modules of NFC environment are Trusted Service Manager (TSM) and 
Secure Element (SE). TSM plays the role of certificate authority while SE is all about safeguarding the 
valuable data. It is also believed that SE offers higher degree of tamper resistance along with the trusted third 
party, i.e., TSM. Majority of the security issues arises in the Logical Link Control Protocol in standard 
architecture of NFC devices (Figure 1). It has been seen that majority of the NFC application uses mobile 
payment system where both the forms of keys are mandatorily required to be constructed on the basis of 
elliptical curve cryptography. 
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MacTag,=/(MK, ID,, IDs, z) 
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Figure 1. Working Principle of NFC-SEC 


A public key in compressed form, as well as random number, is concatenated for forwarding from 
user | to user-2 who generates another random number. Applying elliptical curve, the significant point is 
considered as the secret key of different value for both users. A secret key is extracted using the identity of 
devices, arbitrary numbers, and confidential value. A new NFC tag is generated and exchanged with each 
other for validating the secret key. The public key, identity-based information, and secret key are used for 
generating such NFC tags. The identification of the NFC can be carried out using identity, but they can only 
access the partial information about it. The updating operation of NFC is independent of any messages or its 
connectivity. One of the biggest challenging factors here is the usage of the public key which is fixed for the 
devices. Hence, an adversary can easily collect it from the history of communication. For this purpose, NFC- 
based devices and services suffer from different ranges of applications, e.g., man-in-middle attack, 
eavesdropping, data corruption, data modification, data insertion, etc. Although some of the suggestion 
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mechanism to safeguard intrusions on NFC is disabling mobile NFC when it is not required, adoption of 
secure socket layer, and using password locking system do exist, but presence of lethal adversaries have 
outrun the existing security system. 


3. EXISTING SECURITY APPROACHES IN NFC 

This section discusses about the existing security approaches towards NFC. Usage of homographic 
encryption system is seen implemented most recently by Diaz et al. [14] in order to secure the 
communication system of airport exclusively focusing on the baggage control system. Another recent work 
has been carried out by Majumder et al. [15] have discussed a novel cloaking system to secure the electronic 
payment system, e.g., Samsung pay, google wallet, PayPal, etc. The paper has also discussed about existing 
research work towards payment system on NFC along with their verification techniques. Similar direction of 
research towards payment-based application was carried out by Park et al. [16] Madhoun [17] where the 
authors have presented a mutual authentication mechanism over NFC enabled mobile device. The technique 
implements lattice-based convolution scheme for multiplication operation. Study towards mutual 
authentication scheme was also carried out by Fan et al. [18], [19] that implements logical operation of XOR 
for resisting denial-of-service attacks. Adoption of key management towards securing NFC-based devices 
was seen in the work presented by Jin et al. [20] where the authors have presented a key agreement scheme 
that ensures energy efficiency using software-defined radio testbed. Literatures have also witnessed the usage 
of pseudonyms towards secure authentication of NFC application as seen in the work carried out by Odelu et 
al. [21]. The technique presented by the author uses simulation-based scheme to ensure the reduced size of 
the pseudonyms. The presented technique has proved that existing pseudonym-based approaches are all 
shrouded with security loopholes towards addressing impersonation attacks. This technique is claimed to 
offer similar form of security performance for a longer duration of time. The work carried out by Ozdenizci 
et al. [22] has introduced a tokenization scheme for ensuring identity verification of NFC services using host 
card emulation. The technique also implements a unique token generation process followed by encrypted 
storage of data. Rios et al. [23] have presented a technique where the assessment outcomes of any 
examination could be rendered anonymous with an integration of QR code and NFC applications. Eldefrawy 
and Khan [24] have presented a scheme that supports validation mechanism for banknote using NFC device 
where the RFID is inserted within the banknote for performing authentication. Adoption of pseudonym 
towards securing the communication system was seen in the work carried out by He et al. [25], where the 
authors have focused on addressing privacy problems. The authors have investigation prior technique and 
performed a security analysis with respect to anonymity of user, mutual authentication, and security of 
session key. Rasua et al. [26] have introduced a protocol for analyzing attacks on the wireless network using 
experimental methodology. Ren et al. [27] have discussed various studies towards usage of NFC application 
that uses barcode. The author has also discussed the possible challenges encountered in an NFC-based 
application that uses barcodes. 

Literature has witnessed that usage of mobile payment based application in more in NFC 
technologies. One such study was introduced by Chang [28] that developed a unique authorization control for 
the user’s mobile device. An application environment is created for assisting NFC-based mobile payment 
system. The technique also introduces a model for access control where different policies are maintained for 
judging the access request of a user. Usage of asymmetric encryption on NFC application was witnessed in 
work carried out by Plos et al. [29] using hardware profiles of RFID. The encryption was carried out using 
Advanced Encryption Standard (AES), digital signatures, and Elliptical Curve Cryptography (ECC). The 
complete implementation has been carried out in hardware platform where different cryptosystems were 
assessed. Study towards protecting privacy in NFC-based application was seen in the work of Eun et al. [30] 
where conditional approach is specified. The authors have implemented multiple pseudonyms for ensuring 
optimal privacy. Gummeson et al. [31] for addressing security breaches on the user NFC enabled mobile 
devices. The study has implemented a design of form-factor that is adhered to the mobile device meant for 
jamming any form os illegitimate communication. At the same time, the authors have also ensured energy 
efficient mechanism towards mobile device battery. There is various applications that has the supportability 
of assisting in peer-to-peer based communication system in literature. The works carried out by Nandakumar 
et al. [32] have implemented an acoustic-based approach for truncating the dependencies on the NFC-based 
mobile hardware. The authors have also assessed the security effectiveness using different forms of attacks. 
The study carried out by Matos et al. [33] has presented a technique for securing various hotspots for the 
NFC devices. As such hotspots are accessible to many users; therefore chances are more for the intrusion, 
e.g., eavesdropping, man-in-middle attack. The architecture presented offer passive authentication using 
public keys as well as effective implementation. The next section tabulates the summary of existing 
approaches of securing NFC devices as shown in Table 1. 
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Authors Problems Technique Advantage Limitation 
Diaz et al. [15] Baggage control in airport Paillier Cryptosystem Supports forward Consumes time to 
secrecy read/write NFC tags 
Majumder et al. e-payment on mobile Prototyping Simplified usage No extensive analysis of 
[16] (using biometric) outcomes 
Park et al. [17] Mutual authentication in Lattice-based Computationally No numerical analysis 
Madhoun [18] NFC-payment convolution efficient 
Fan et al. [19][20] Denial of service attack XORing, mutual Resistive against Time complexity not 
authentication synchronous attack discussed 
Jin et al. [21] Eavesdropping, passive Simulation, Energy-efficient Lacks Complexity analysis 
attack experimental 
Odelu et al. [22] Authentication Pseudonyms, ECC, Resist impersonation Introduces complexity 
Signature attack 
Ozdenizci et al. [23] | Access Control Tokenization Ensure data protection No numerical analysis 
Rios et al. [24] Anonymity in transmission QR Code, Simplified architecture Lacks Complexity analysis 
experimental 


He et al. [25] 
Rasua et al. [26] 
Ren et al. [27] 
Chang [28] 


Plos et al. [29] 


Eun et al. [30] 


Gummeson et al. 
[31] 


Nandakumar et al. 
[32] 
Matos et al. [33] 


Privacy issues, 
impersonation attack 
Distance fraud, mafia 
attack 

Studying NFC based 
application 

Access control 


Security in NFC device 


Device security 


Device security 


Securing peer-to-peer 


Authenticating hotspots 


Pseudonym, signature 


Analytical, 
experimental 
Explorative study 


XML encryption, 
signature 
Experimental, 
asymmetric 
encryption, ECC, 
signature 

Multiple pseudonym 


Experimental, 
Jamming malicious 
interaction 
Acoustic secrecy 


Experimental, passive 
and dynamic 
authentication 


Simple implementation 


Maintains forward & 
backward secrecy 
Good theoretical 
information 
Supports non- 
repudiation 

Practical realization 


Lesser overhead 


Successfully defend 
many malicious attacks, 
energy efficient 
Minimizes 
eavesdropping, free from 
Reduced authentication 
time 


Increased computational 
cost 

Size of key increase 
complexity 

Doesn’t discuss limitation 
of existing 

Lacks Complexity analysis 


Narrowed scope of study 


No extensive numerical 
analysis 

Doesn’t address the 
complexity associated 


No benchmarking 


No benchmarking 


4. RESEARCH TREND 

The existing research work towards addressing security problems in NFC-based application is not 
much in number. We explored that there are only 35 journals, 287 conference papers, two early access 
articles published from 2010 to 2017. Figure 2 highlights that existing research trends are more inclined 
towards usage of cryptographic protocol, pseudonyms, mutual authentication, and privacy preservation based 
approaches to offer security features in NFC-based application. It was also explored that majority of the 
security approaches have mainly focused on mobile payment system using either barcode based or QR code 
based authentication mechanism. However, usage of cryptographic-based approaches are mainly found to be 
using elliptical curve cryptography, digital signatures, symmetric/asymmetric encryption. 


Frequently Existing Security 
Techniques 


Cryptography 


Mutual 


Authentication 


35 Journals 


Figure 2. Existing Research Trends 
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5. 


RESEARCH GAP 
Following are the significant research gap identified after reviewing the existing security approaches in 


NFC-based applications: 


6. 


a. Incompatible Encryption Usage: Majority of the existing system make use of encryption 
mechanism that is not typically designed to handle the faster authentication demands of NFC- 
based application. Usage of pseudonyms, symmetric/asymmetric encryption, Elliptical Curve 
Cryptography consumes good amount of resources and is highly iterative process. Hence, its 
applicability towards RFID based authentication in NFC calls for extremely faster authentication 
process, which is missing in existing research approaches. 

b. Complex Cryptographic Usage: Existing cryptographic technique towards securing NFC 
devices have higher key sizes and complex memory management that causes delay during the 
authentication process. Adoption of lightweight algorithmic approach is entirely missing from 
the existing literature towards cost-effective computational processing of security algorithms in 
NFC devices./ 

c. Symptomatic approach: The existing security approaches are highly symptomatic in its security 
characteristics that will not be applicable if the investigation environment is altered as well as the 
adversary is altered. Moreover, existing approaches don't offer resiliency towards various other 
forms of lethal threats, e.g., key compromisation issue, replay attack, card emulation, 
compromised gateway, etc. 

d. Fewer significant studies: At present research work towards securing NFC based applications are 
not even more than 100 journals since last seven years. On the other side, the approach of 
cryptography has been making highly progressive features in network and security, but very few 
of them have been found towards NFC. Majority of the work have used more or less similar 
security strategies. Another issue is that there has been considerably less number of 
consideration of applications. It has to be known that NFC applications are highly vast and every 
application demands different form of security. 

e. Less Work being Benchmarked: At present, none of the existing research-based approaches are 
found to be benchmarked or being compared with standard security protocols in NFC or RFID 
based applications. Existing studies also don't emphasize on the computational complexity 
associated with the key management. Hence, there is no standard evidence of any significant 
algorithm that has been proven to be highly resistive against malicious threats in NFC-based 
applications and services. 


CONCLUSION & FUTURE WORK 
After reviewing the existing research-based approaches in NFC for strengthing the security feature, 


we concluded that there are problems associated with the usage of cryptographic algorithm in NFC. It is quite 
obvious that usage of complex cryptographic policies may lead to potential encryption, which is good for 
security, but it may not offer better communication performance too for much upcoming application that 
requires streaming of data. 


Therefore, our next level of research work will focus on applying certain lightweight cryptographic 


approaches, e.g., the hummingbird that has never been tried for securing communication in NFC. As 
hummingbird harnesses the potential of both stream and block cipher, so there is a fair chance of minimizing 
any form of computational complexity associated with cryptographic algorithm in NFC. 
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